Microsoft Genuine Advantage Cracked
piyush ranjan writes "An Indian researcher has cracked the much-touted "impenetrable" Windows Genuine Advantage of Microsoft. According to Microsoft this service would soon require all Windows users to verify their license before downloading updates."
Indian cracks Microsoft's anti-piracy program
Alok Sharma | June 21, 2005 14:53 IST
An Indian researcher has breached the much-touted "impenetrable" Windows Genuine Advantage of Microsoft.
Bangalore-based Debasis Mohanty has cracked WGA through an "easy-to-exploit" weakness in the software for generating illegal copies of the Windows XP programme.
Microsoft confirmed the claims of Mohanty, but sought to downplay it saying, "It represents very little threat." A company spokesperson said they did expect counterfeiters to try a number of different methods to circumvent safeguards provided by WGA.
WGA is an anti-piracy programme that keeps a tab on consumers whether they are running legitimately licensed copies of Windows XP.
Mohanty has posted a detailed proof-of-concept programme on the high-profile security mailing list of the software giant, showing how the WGA validation check can be tricked to generate key codes for use on illegal copies of the software.
Using a secondary Microsoft validation tool called 'genuinecheck.Exe', Mohanty claims to have made it possible for people to trick the safeguard mechanism and download and run the supposedly restricted software from Microsoft's download centre, he said.
http://www.hackingspirits.com/vuln-rnd/defeating-wga-check.zip
http://inhome.rediff.com.nyud.net:8090/money/2005/jun/21ms.htm
This was discovered by multiple people months ago, as evidenced by this full-disclosure thread, with a followup by another discoverer of the same exploit.
Anyway, what's the point of doing this? You can still download things from Microsoft's site if you don't validate. You just have to pick the "Don't validate" option. Oooh, great, some guy made it so you don't have to click the annoying "No, thanks" button every time you want to download Microsoft Anti-Spyware!
The *real* challenge is to crack the activation algorithm. (which I believe has some form of the RSA algorithm in it). People, WGA != activation. Activation is the one that's a bitch. If you happen to mess with your hardware in your Windows box a lot, you'll know what I mean. And since I can never use the Internet activation because I "Already used that code too many times" (Swapping IDE hard drives once in a while for backups with Windows is out of the question now?), I end up having to call Miss Microsoft Robot all the time, who always tells me it's very important to use Windows Update to protect my computer from viruses before she gives me my activation code.
Bored? Browse Slashdot with a +6 modifier for Troll comme
The entire purpose of Windows Genuine Advantage of Microsoft is to allow people to know they have actually received a Genuine product and not some product that has a key generated for it. If a person gets the product and installs it and then it fails the Windows Genuine Advantage they know they have paid for a pirated version and can then report that to the authorities. Your average home user is not going to install the OS and then run the crack, they want to know that they have a Genuine version (i.e. a genuine licence) that they have paid for. I know if I purchased another OS for the full price i.e. Mac OSX, I would be pissed if it was just a pirated version.
it's a cat and mouse game, and frankly the hackers crack the encryption for the challenge of doing it, because frankly not everyone should have to pay the highway robbery price of windows... even bill gates can be quoted as saying 'software should be free' from back in the day when geeks traded punch tapes of code in the back of vans and copied them ;)
;) linux has enough interesting games for the casual user, and firefox can be set up so web sites with games can be played too, which is what most casual users think of when they think of online gaming, they think of sites like pogo or yahoo! games ;)
;) so really you're helping microsoft stay number 1 in install base, while eroding their bottom line, by pirating windows. frankly right now their bottom line isn't hurting that bad... they're worried about it though, because they know the only thing that microsoft does is add value to the basic principles of writing an OS. if anyone can do this better than them (apple comes to mind, at least for retail prepackaged machines) but they can't touch the white box field, because it cost too much money and headaches to polish a piece of software as complex as windows that will run on almost any configuration of standard PC hardware. linux can only make so many inroads because frankly it's being written by geeks in their spare time, and a few who work for companies and are told to 'maintain' linux for cred etc...
copy protection is worthless, imo, windows would be better off just trying to convince people that piracy is bad, like the mpaa is trying to do with the ads at the front of dvds that can't be skipped... they'd be better off having an advertisement on the windows load screen and/or as the default screen saver than to put tons and tons of protection that will eventually be cracked for the challenge of it
Piracy is bad, but most of the people who resort to it, are desperate, a few are criminal, but most people aren't that bad. the worst are the crack addicts selling dvds/software on street corners to buy their next hit... and frankly you don't have to be a crack addict to try that, if you need to have that 10 grand configuration of the dual g-5 2.7gh with 30" apple cinema display, and dual 400 GB hds, and 4 GB of ram... and don't have a job what better way than to sell pirated dvds/software on the street to score the cash without feeling really bad about yourself...
Note: the rest of this post is rambling, and may be incoherent, feel free to skip it, i only included it for the people who like reading my comments..
Windows has a high price point, because they make a lot more money that way, eventually this will change, because really, you're paying for the 'value added' with commercially packaged software.. So really all microsoft is trying to do is protect the value they added to the basic functions of an os, but regardless, all they need to do is make it hard enough, they don't need to stop everyone... they just need to be able to contain the flow of illegal copies because unlike apple, they're not a hardware company, all they do is write a complex piece of software that is intended to run on virtually every POS badly designed motherboard and chipset out there... apple, doesn't do that, they just write one for their own hardware, which makes it a lot easier. but really, pirated copies of windows that are 'reasonably' difficult to get are no worse for windows than linux. If windows becomes too hard for some system builders to pirate, they will just install linux, and explain 'it's less prone to viruses than windows' they will be forced to switch to linux, and linux certified hardware, the better windows copy protection gets, the better it is for linux, frankly. not everyone needs a true gaming rig, and frankly a lot of the people who have one probably are sleeping on a mattress someone threw away in the trash
okay i'm rambling sorry, but making the cracks too easy to get just helps windows market share... cracking the encryption to be the guy/gal who did it is fine, but if you want to help the case for linux you simply shouldn't make them easy to get
https://www.gnu.org/philosophy/free-sw.html
I'm not sure if the year 1992 has any significance. But in the early age of consumer computing, software used to be built with schemes to make it "impossible" to copy/install/use the software without validating that you had purchased the product.
Usually, this was done by being forced to physically look up a phrase in the physical documentation and then feed it back to the program before it would start/continue work.
This was annoying as hell, particularly to the paying customers. "crackers" would usually locate the protection routine in the binary code, and patch it to skip the check. The practice was discontinued because the "protection" scheme would not protect non-purchased use of its product, (the savvier users would merely apply the publicised crack) and would reduce its marketshare by annoying its purchasing customers. Ultimately, software companies just factored piracy rates into its pricing structure.
The post was meant to be humorous, but you may have started using computers after the practice stopped, and thus your question.
There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
Actually, Windows NT at least *was* certified, even though there were controversies surrounding the whole issue: see this article, for example.
Kind of scary when you think about it.
quidquid latine dictum sit altum videtur.
Therefore, if you've happened to stumble upon it, I'll take your word for that.
It doesn't take source code to discover the shatter attack. Any program that has a window open is allowed to remote-control any other program that has a window open on the same machine. In fact, a program running under a limited user can remote-control a program running under administrator (e.g. an antivirus) and escalate privileges that way.
...and my workstation is set to retrieve its patches from it, rather than M$'s site?
Currently it contains 1.6GB of what appears to be every M$ update known to man, (including a bunch of crap that I didn't really want, but hey...hard drives are cheap) and they're all .exe files. ...which leads me to another point: Once the updates are in the wild, they WILL get passed around, and there's nothing M$ can do about it.
You're using her as bait, Master!
I'm sorry but maybe I'm missing the point here... for about 6+ months, there's been a newer key generator floating around the 'net that will generate Windows installation keys which pass the ActiveX WGA check. If WinXP is installed using one of these keys, it will appear genuine anyway. And, there's even a way to change the product key without re-installing the OS. So has this crack really done anything?
I guess it's more useful as a method for those who don't want/know how to find and download a working key generator (since all it requires is a valid copy of the OS and downloading a MS-hosted tool)... but this scheme has been broken a long time ago.
I believe he meant 'clodpate'. It's in Websters.
My son, my son.